Cyber crooks carrying out nation state-style attacks

Cyber criminals are targeting British businesses by imitating nation state-style attacks, the National Crime Agency warns.

An annual assessment of the biggest threats has uncovered a growing, fast-changing threat based on government-sponsored hacking.

It discusses the trend of criminals copying suspected nation state ‘actors’ who are given licence to attack financial institutions and other organisations - knowing they will be highly unlikely to be arrested in their home country.

They often have close links to the military, intelligence or state control apparatus of their country - and a high degree of technical expertise.

The report said: “The lines between those committing attacks continue to blur, with criminal groups imitating states in order to attack financial institutions and more advanced actors successfully using ‘off the shelf’ malware to launch attacks.”

The report, produced jointly by the National Crime Agency (NCA), National Cyber Security Centre (NCSC) and industry partners from multiple sectors, is the most detailed of its kind to date.

An NCA spokesperson said criminals seek to establish a long-term presence on target networks - enabling them to identify information of value.

He said: “This has traditionally been a hallmark of suspected state activity, whereas criminals would often seek rapid, one-off successes.”

The report emphasises the need for increased collaboration between industry, government and law enforcement.

It also highlights increased levels of aggressive and confrontational cyber crime - particularly through Distributed Denial of Service (DDoS) attacks combined with extortion and ransomware.

Ransomware encrypts victims' computers and demands a ransom in return for restoring control to the user.

Donald Toon, director for economic and cyber crime at the National Crime Agency, said: “We have worked with the NCSC and valued private sector partners to produce this assessment, setting out an up to date picture of threats to business including ransomware, DDoS and evolving financial trojans.

“These threats demonstrate the need for a collaborative response across industry, law enforcement and government, with the ultimate aim of protecting customers and the UK economy.

“Businesses reporting cyber crime is essential if we are to fully understand the threat, and take the most effective action against it.

“And while 100% protection doesn’t exist, making cyber security an organisational priority and ensuring up to date processes and technology can protect against the vast majority of attacks.

“The NCA and its partners continue to have significant success against cyber crime, through identifying and arresting criminals at home and abroad, working to deter young people from becoming involved in criminality, and disrupting the ways in which criminals make and launder their money.”

The report, being presented at the NCSC’s Cyber UK Conference in Liverpool, points out the risk posed by the ever-increasing number of connected devices - many of which are not always made secure by manufacturers or users.

It urges companies to report all cyber crime to ensure the UK has an accurate intelligence picture.

Ciaran Martin, CEO of the National Cyber Security Centre, said: “As the national technical authority for cyber security in the UK, the NCSC agenda is unashamedly ambitious; we want to be a world leader in cyber security.

“Cyber attacks will continue to evolve, which is why the country must work together at pace to deliver hard outcomes and ground-breaking innovation to reduce the cyber threat to critical services and deter would-be attackers.

“No single organisation can defend against the threat on its own and it is vital that we work together to understand the challenges we face.

“We can only properly protect UK cyberspace by working with others - with the rest of government, with law enforcement, the Armed Forces, our international allies and, crucially, with business and wider society.”

Despite a rise in attacks on governments, infrastructure and political institutions, few international agreements currently exist governing acceptable use of nation-state cyber attacks.

The United States and China signed a bilateral pledge in 2015 to refrain from hacking companies in order to steal intellectual property. A similar deal was forged months later among the Group of 20 nations.

Don Smith, technology director at SecureWorks and a representative of the Strategic Cyber Industry Group set up by private companies, said: “The development of technology throughout history has given smart criminals new ways to get what they want: email spawned the development of phishing and spam; online banking led to the creation of viruses that target bank accounts; and the Internet of Things will doubtless bring opportunities for new methods of attack.

“Many businesses face understandable difficulty in reporting cybercrime incidents, but knowing that revealing such information might prevent further harm to their business is essential.